<?php include('themes/header.php');

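// A visitor who is already signed in has no use for the reset flow:
// show a notice, close the page with the footer and stop.
// NOTE(review): assumes themes/header.php has already started the session — confirm.
if (isset($_SESSION['username'])) {

	echo '<div class="error_message">Attention! You are already logged in. You don\'t need to reset your password.</div>';
	echo "<h2>What to do now?</h2><br />";
	// No closing </li> here: this sentence is not inside a list, so the tag was orphaned markup.
	echo "Go <a href='javascript:history.go(-1)'>back</a> to the page you were viewing before this.";
	include('themes/footer.php');

	exit();
}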

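// Password-reset form: runs when the e-mailed link (forgotten.php?key=...) is opened.
//
// NOTE(review): the reset key is md5(<account e-mail> . '1'). It contains no
// server-side secret and no random part, never expires and stays valid after
// use, so it is only as private as the e-mail address. It should be replaced
// by a random, single-use, time-limited token stored (hashed) with the
// account. That needs a schema change and a matching change where the link is
// issued, so the existing scheme is kept here and only its checking is tightened.
$error = '';

// The key is only compared, never placed in SQL, so it is taken as-is.
// A non-string value (e.g. key[]=...) is treated as "no key".
$key = (isset($_GET['key']) && is_string($_GET['key'])) ? $_GET['key'] : '';

if ($key !== '') {

	if (isset($_POST['reset'])) {

		// Work on the raw values: escaping is applied only where a value enters
		// SQL, so the match and length checks see what the user actually typed.
		$username  = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
		$password  = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
		$password2 = (isset($_POST['password_confirm']) && is_string($_POST['password_confirm'])) ? $_POST['password_confirm'] : '';

		if (trim($username) === '') {
			$error = '<div class="error_message">Attention! Please confirm your username.</div>';
		} elseif ($password !== $password2) {
			$error = '<div class="error_message">Attention! Your passwords did not match, try again.</div>';
		} elseif (strlen($password) < 5) {
			$error = '<div class="error_message">Attention! Your password must be at least 5 characters.</div>';
		}

		$row = false;
		$safeName = '';

		// Only touch the database once the form itself is valid.
		if ($error === '') {

			$safeName = mysql_real_escape_string($username);
			$sql = "SELECT email,fname FROM account_data WHERE name='" . $safeName . "'";
			$query = mysql_query($sql);
			$row = $query ? mysql_fetch_array($query) : false;

			// A missing account must fail verification outright; without this
			// guard the expected key would be computed from an empty e-mail.
			$verified = false;
			if ($row) {
				$expected = md5($row['email'] . '1');
				// Exact string comparison: a loose != can treat two different
				// numeric-looking hex strings as equal. hash_equals() is used
				// where the running PHP version provides it.
				$verified = function_exists('hash_equals')
					? hash_equals($expected, $key)
					: ($expected === $key);
			}

			// Same message for "unknown user" and "wrong key".
			if (!$verified) {
				$error = '<div class="error_message">Attention! Verification failed. Please contact us for more information.</div>';
			}
		}

		if ($error === '') {

			// The password is a string value and must be escaped AND quoted;
			// escaping alone does not protect a value placed outside quotes.
			// NOTE(review): the password is written as submitted, no hashing is
			// visible in this file. Moving to password_hash()/password_verify()
			// has to be done together with the login code — confirm how login
			// compares this column before changing the stored format.
			$sql = "UPDATE account_data SET password = '" . mysql_real_escape_string($password) . "' WHERE name='" . $safeName . "'";
			if (!mysql_query($sql)) {
				// Keep database details in the server log, not in the page.
				error_log('Password reset UPDATE failed: ' . mysql_error());
				die('Fatal error: your password could not be updated. Please contact us.');
			}

			$email = $row['email'];

			$msg  = $row['fname'] . ",\r\n\n";
			$msg .= "Your password has been successfully reset.\r\n\n";
			$msg .= "If you didn't request this password reset please contact us.";

			mail($email, 'Your Password has been Reset', $msg, "From: ".email()."\r\nReturn-Path: ".email()."\r\n");

			echo "<div class='success_message'>Successfully updated your account, return to <a href='home.php'>homepage</a>.</div>";
			echo "<h2>Forgotton Password</h2>";
			echo "<p>If you need any further support please contact the website administrator.</p>";
			exit();
		}
	}

	// First visit, or a submission that failed a check: show the form again.
	// $error only ever holds one of the fixed HTML messages set above.
	echo $error;

	echo '<h2>Forgotten Password</h2>';

	echo '<form method="POST" action="">';
	echo '<label>Confirm Username</label><input type="text" name="username" size="20"><br />';
	echo '<label>New Password</label><input type="password" name="password" size="20"><br />';
	echo '<label>Confirm Password</label><input type="password" name="password_confirm" size="20"><br />';
	echo '<input type="submit" value="Submit" name="reset">';
	echo '</form> ';
	exit();

}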

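// Reset-request handler: looks up the submitted username and e-mails that
// account a reset link. $error is printed below the handler, so make sure it
// exists even when nothing was submitted.
if (!isset($error)) {
	$error = '';
}

if (isset($_POST['forgotten'])) {

	if (!isset($_POST['usernamemail'])) {
		header( "Location: index.php" ); exit();
	}

	// A non-string value (e.g. usernamemail[]=...) is treated as empty.
	$usernamemail = is_string($_POST['usernamemail']) ? $_POST['usernamemail'] : '';

	if (empty($usernamemail)) {
		$error = '<div class="error_message">Attention! Please enter your Username and Password.</div>';
	} else {

		// Escape with the connection-aware function, as the reset form does;
		// addslashes() does not take the connection character set into account.
		$safeName = mysql_real_escape_string($usernamemail);

		$sql = "SELECT email,fname FROM account_data WHERE name='$safeName'";
		$result = mysql_query($sql);

		// A failed query is handled like "no such account".
		$row = $result ? mysql_fetch_array($result) : false;

		if ($row) {

			$email = $row['email'];

			// NOTE(review): the key is md5(<e-mail> . '1') — derived only from
			// the address, with no secret, no random part and no expiry. It
			// should become a random, single-use, time-limited token stored
			// with the account; that needs a schema change and a matching
			// change in the code that verifies the key.
			$msg  = $row['fname'] . ",\r\n\n";
			$msg .= "Please follow the link below to update your login details.\r\n\n";
			$msg .= SITE_PATH . 'forgotten.php?key=' . md5($email . '1') . "\r\n\n";
			$msg .= "If you didn't request this password reset it is safe to ignore this message.";

			mail($email, 'Forgotten Password', $msg, "From: ".email()."\r\nReturn-Path: ".email()."\r\n");
		}

		// The same page is shown whether or not the account exists, so the
		// form cannot be used to test which usernames are registered.
		// NOTE(review): nothing visible here limits how often a reset mail
		// can be requested for one account — consider throttling.
		echo '<h2>Forgotten Password</h2>';
		echo '<p>Please check your e-mail for further information.</p>';
		echo '<p>Back to <a href="home.php">homepage</a></p>';
		exit();
	}
}

// $error only ever holds one of the fixed HTML messages set above.
echo $error; ?>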

<h2>Forgotten Password</h2>

<form method="POST" action=""> 
<label>Username</label><input type="text" name="usernamemail" size="20"><br />
<input type="submit" value="Submit" name="forgotten"> 
</form> 

<?php include('themes/footer.php'); ?>